]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/regressions/cms-01-basic.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57740.51.3.tar.gz
[apple/security.git] / OSX / libsecurity_smime / regressions / cms-01-basic.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include "cms-01-basic.h"
25 #include "smime_regressions.h"
26
27 #include <AssertMacros.h>
28
29 #include <utilities/SecCFRelease.h>
30
31 #include <Security/SecBase.h>
32 #include <Security/SecImportExport.h>
33 #include <Security/SecKeychain.h>
34 #include <Security/SecIdentity.h>
35 #include <Security/SecPolicy.h>
36
37 #include <Security/SecCmsMessage.h>
38 #include <Security/SecCmsSignedData.h>
39 #include <Security/SecCmsContentInfo.h>
40 #include <Security/SecCmsSignerInfo.h>
41 #include <Security/SecCmsEncoder.h>
42 #include <Security/SecCmsDecoder.h>
43 #include <Security/SecCmsEnvelopedData.h>
44 #include <Security/SecCmsRecipientInfo.h>
45
46 #include <security_asn1/secerr.h>
47 #include <security_asn1/seccomon.h>
48
49 #define TMP_KEYCHAIN_PATH "/tmp/cms_01_test.keychain"
50
51 #pragma clang diagnostic push
52 #pragma clang diagnostic ignored "-Wunused-variable"
53 #pragma clang diagnostic ignored "-Wunused-function"
54
55 #define kNumberSetupTests 10
56 static SecKeychainRef setup_keychain(const uint8_t *p12, size_t p12_len, SecIdentityRef *identity, SecCertificateRef *cert) {
57 CFDataRef p12Data = NULL;
58 CFArrayRef imported_items = NULL, oldSearchList = NULL;
59 CFMutableArrayRef newSearchList = NULL;
60 SecKeychainRef keychain = NULL;
61 SecExternalFormat sef = kSecFormatPKCS12;
62 SecItemImportExportKeyParameters keyParams = {
63 .passphrase = CFSTR("password")
64 };
65
66 /* Create keychain and add to search list (for decryption) */
67 unlink(TMP_KEYCHAIN_PATH);
68 ok_status(SecKeychainCopySearchList(&oldSearchList),
69 "Copy keychain search list");
70 require(oldSearchList, out);
71 ok(newSearchList = CFArrayCreateMutableCopy(NULL, CFArrayGetCount(oldSearchList)+1, oldSearchList),
72 "Create new search list");
73 ok_status(SecKeychainCreate(TMP_KEYCHAIN_PATH, 8, "password", false, NULL, &keychain),
74 "Create keychain for identity");
75 require(keychain, out);
76 CFArrayAppendValue(newSearchList, keychain);
77 ok_status(SecKeychainSetSearchList(newSearchList),
78 "Set keychain search list");
79
80 /* Load identity and set as signer */
81 ok(p12Data = CFDataCreate(NULL, p12, p12_len),
82 "Create p12 data");
83 ok_status(SecItemImport(p12Data, NULL, &sef, NULL, 0, &keyParams, keychain, &imported_items),
84 "Import identity");
85 is(CFArrayGetCount(imported_items),1,"Imported 1 items");
86 is(CFGetTypeID(CFArrayGetValueAtIndex(imported_items, 0)), SecIdentityGetTypeID(),
87 "Got back an identity");
88 ok(*identity = (SecIdentityRef) CFRetainSafe(CFArrayGetValueAtIndex(imported_items, 0)),
89 "Retrieve identity");
90 ok_status(SecIdentityCopyCertificate(*identity, cert),
91 "Copy certificate");
92
93 CFReleaseNull(p12Data);
94 CFReleaseNull(imported_items);
95
96 out:
97 CFReleaseNull(oldSearchList);
98 CFReleaseNull(newSearchList);
99 return keychain;
100 }
101
102 #define kNumberCleanupTests 1
103 static void cleanup_keychain(SecKeychainRef keychain, SecIdentityRef identity, SecCertificateRef cert) {
104 /* Delete keychain - from the search list and from disk */
105 ok_status(SecKeychainDelete(keychain), "Delete temporary keychain");
106 CFReleaseNull(keychain);
107 CFReleaseNull(cert);
108 CFReleaseNull(identity);
109 }
110
111 static OSStatus sign_please(SecIdentityRef identity, SECOidTag digestAlgTag, bool withAttrs, uint8_t *expected_output, size_t expected_len) {
112
113 OSStatus status = SECFailure;
114
115 SecCmsMessageRef cmsg = NULL;
116 SecCmsSignedDataRef sigd = NULL;
117 SecCmsContentInfoRef cinfo = NULL;
118 SecCmsSignerInfoRef signerInfo = NULL;
119 SecCmsEncoderRef encoder = NULL;
120 SecArenaPoolRef arena = NULL;
121 CSSM_DATA cms_data = {
122 .Data = NULL,
123 .Length = 0
124 };
125 uint8_t string_to_sign[] = "This message is signed. Ain't it pretty?";
126
127 /* setup the message */
128 require_action_string(cmsg = SecCmsMessageCreate(NULL), out,
129 status = errSecAllocate, "Failed to create message");
130 require_action_string(sigd = SecCmsSignedDataCreate(cmsg), out,
131 status = errSecAllocate, "Failed to create signed data");
132 require_action_string(cinfo = SecCmsMessageGetContentInfo(cmsg), out,
133 status = errSecParam, "Failed to get cms content info");
134 require_noerr_string(status = SecCmsContentInfoSetContentSignedData(cmsg, cinfo, sigd), out,
135 "Failed to set signed data into content info");
136 require_action_string(cinfo = SecCmsSignedDataGetContentInfo(sigd), out,
137 status = errSecParam, "Failed to get content info from signed data");
138 require_noerr_string(status = SecCmsContentInfoSetContentData(cmsg, cinfo, NULL, false), out,
139 "Failed to set signed data content info");
140 require_action_string(signerInfo = SecCmsSignerInfoCreate(cmsg, identity, digestAlgTag), out,
141 status = errSecAllocate, "Failed to create signer info");
142 require_noerr_string(status = SecCmsSignerInfoIncludeCerts(signerInfo, SecCmsCMCertOnly,
143 certUsageEmailSigner), out,
144 "Failed to put certs in signer info");
145
146 if(withAttrs) {
147 require_noerr_string(status = SecCmsSignerInfoAddSigningTime(signerInfo, 480000000.0), out,
148 "Couldn't add an attribute");
149 }
150 require_noerr_string(status = SecCmsSignedDataAddSignerInfo(sigd, signerInfo), out,
151 "Couldn't add signer info to signed data");
152
153 /* encode now */
154 require_noerr_string(status = SecArenaPoolCreate(1024, &arena), out,
155 "Failed to create arena");
156 require_noerr_string(status = SecCmsEncoderCreate(cmsg, NULL, NULL, &cms_data, arena, NULL, NULL,
157 NULL, NULL, NULL, NULL, &encoder), out,
158 "Failed to create encoder");
159 require_noerr_string(status = SecCmsEncoderUpdate(encoder, string_to_sign, sizeof(string_to_sign)), out,
160 "Failed to add data ");
161 status = SecCmsEncoderFinish(encoder);
162 encoder = NULL; // SecCmsEncoderFinish always frees the encoder but doesn't NULL it.
163 require_noerr_quiet(status, out);
164
165 /* verify the output matches expected results */
166 if (expected_output) {
167 require_action_string(expected_len == cms_data.Length, out,
168 status = -1, "Output size differs from expected");
169 require_noerr_action_string(memcmp(expected_output, cms_data.Data, expected_len), out,
170 status = -1, "Output differs from expected");
171 }
172
173 out:
174 if (encoder) {
175 SecCmsEncoderDestroy(encoder);
176 }
177 if (arena) {
178 SecArenaPoolFree(arena, false);
179 }
180 if (cmsg) {
181 SecCmsMessageDestroy(cmsg);
182 }
183 return status;
184
185 }
186
187 static OSStatus verify_please(SecKeychainRef keychain, uint8_t *data_to_verify, size_t length) {
188 OSStatus status = SECFailure;
189 SecCmsDecoderRef decoder = NULL;
190 SecCmsMessageRef cmsg = NULL;
191 SecCmsContentInfoRef cinfo = NULL;
192 SecCmsSignedDataRef sigd = NULL;
193 SecPolicyRef policy = NULL;
194 SecTrustRef trust = NULL;
195
196 if (!data_to_verify) {
197 return errSecSuccess; // reasons...
198 }
199
200 require_noerr_string(status = SecCmsDecoderCreate(NULL, NULL, NULL, NULL, NULL,
201 NULL, NULL, &decoder), out,
202 "Failed to create decoder");
203 require_noerr_string(status = SecCmsDecoderUpdate(decoder, data_to_verify, length), out,
204 "Failed to add data ");
205 status = SecCmsDecoderFinish(decoder, &cmsg);
206 decoder = NULL; // SecCmsDecoderFinish always frees the decoder
207 require_noerr_quiet(status, out);
208
209 require_action_string(cinfo = SecCmsMessageContentLevel(cmsg, 0), out,
210 status = errSecDecode, "Failed to get content info");
211 require_action_string(SEC_OID_PKCS7_SIGNED_DATA == SecCmsContentInfoGetContentTypeTag(cinfo), out,
212 status = errSecDecode, "Content type was pkcs7 signed data");
213 require_action_string(sigd = (SecCmsSignedDataRef)SecCmsContentInfoGetContent(cinfo), out,
214 status = errSecDecode, "Failed to get signed data");
215 require_action_string(policy = SecPolicyCreateBasicX509(), out,
216 status = errSecAllocate, "Failed to create basic policy");
217 status = SecCmsSignedDataVerifySignerInfo(sigd, 0, keychain, policy, &trust);
218
219 out:
220 if (decoder) {
221 SecCmsDecoderDestroy(decoder);
222 }
223 if (cmsg) {
224 SecCmsMessageDestroy(cmsg);
225 }
226 CFReleaseNull(policy);
227 CFReleaseNull(trust);
228 return status;
229 }
230
231 static uint8_t *invalidate_signature(uint8_t *cms_data, size_t length) {
232 if (!cms_data || !length || (length < 10)) {
233 return NULL;
234 }
235 uint8_t *invalid_cms = NULL;
236
237 invalid_cms = malloc(length);
238 if (invalid_cms) {
239 memcpy(invalid_cms, cms_data, length);
240 /* This modifies the signature part of the test cms binaries */
241 invalid_cms[length - 10] = 0x00;
242 }
243
244 return invalid_cms;
245 }
246
247 static OSStatus invalidate_and_verify(SecKeychainRef kc, uint8_t *cms_data, size_t length) {
248 OSStatus status = SECFailure;
249 uint8_t *invalid_cms_data = NULL;
250
251 if (!cms_data) {
252 return SECFailure; // reasons...
253 }
254
255 require_action_string(invalid_cms_data = invalidate_signature(cms_data, length), out,
256 status = errSecAllocate, "Unable to allocate buffer for invalid cms data");
257 status = verify_please(kc, invalid_cms_data, length);
258
259 out:
260 if (invalid_cms_data) {
261 free(invalid_cms_data);
262 }
263 return status;
264 }
265
266 /* forward declaration */
267 static OSStatus decrypt_please(uint8_t *data_to_decrypt, size_t length);
268
269 static OSStatus encrypt_please(SecCertificateRef recipient, SECOidTag encAlg, int keysize) {
270 OSStatus status = SECFailure;
271 SecCmsMessageRef cmsg = NULL;
272 SecCmsEnvelopedDataRef envd = NULL;
273 SecCmsContentInfoRef cinfo = NULL;
274 SecCmsRecipientInfoRef rinfo = NULL;
275 SecArenaPoolRef arena = NULL;
276 SecCmsEncoderRef encoder = NULL;
277 CSSM_DATA cms_data = {
278 .Data = NULL,
279 .Length = 0
280 };
281 const uint8_t data_to_encrypt[] = "This data is encrypted. Is cool, no?";
282
283 /* set up the message */
284 require_action_string(cmsg = SecCmsMessageCreate(NULL), out,
285 status = errSecAllocate, "Failed to create message");
286 require_action_string(envd = SecCmsEnvelopedDataCreate(cmsg, encAlg, keysize), out,
287 status = errSecAllocate, "Failed to create enveloped data");
288 require_action_string(cinfo = SecCmsMessageGetContentInfo(cmsg), out,
289 status = errSecParam, "Failed to get content info from cms message");
290 require_noerr_string(status = SecCmsContentInfoSetContentEnvelopedData(cmsg, cinfo, envd), out,
291 "Failed to set enveloped data in cms message");
292 require_action_string(cinfo = SecCmsEnvelopedDataGetContentInfo(envd), out,
293 status = errSecParam, "Failed to get content info from enveloped data");
294 require_noerr_string(status = SecCmsContentInfoSetContentData(cmsg, cinfo, NULL, false), out,
295 "Failed to set data type in envelope");
296 require_action_string(rinfo = SecCmsRecipientInfoCreate(cmsg, recipient), out,
297 status = errSecAllocate, "Failed to create recipient info");
298 require_noerr_string(status = SecCmsEnvelopedDataAddRecipient(envd, rinfo), out,
299 "Failed to add recipient info to envelope");
300
301 /* encode the message */
302 require_noerr_string(status = SecArenaPoolCreate(1024, &arena), out,
303 "Failed to create arena");
304 require_noerr_string(status = SecCmsEncoderCreate(cmsg, NULL, NULL, &cms_data, arena, NULL, NULL,
305 NULL, NULL, NULL, NULL, &encoder), out,
306 "Failed to create encoder");
307 require_noerr_string(status = SecCmsEncoderUpdate(encoder, data_to_encrypt, sizeof(data_to_encrypt)), out,
308 "Failed to update encoder with data");
309 status = SecCmsEncoderFinish(encoder);
310 encoder = NULL; // SecCmsEncoderFinish always frees the encoder but doesn't NULL it.
311 require_noerr_quiet(status, out);
312
313 require_noerr_string(status = decrypt_please(cms_data.Data, cms_data.Length), out,
314 "Failed to decrypt the data we just encrypted");
315
316 out:
317 if (encoder) {
318 SecCmsEncoderDestroy(encoder);
319 }
320 if (arena) {
321 SecArenaPoolFree(arena, false);
322 }
323 if (cmsg) {
324 SecCmsMessageDestroy(cmsg);
325 }
326 return status;
327 }
328
329 static OSStatus decrypt_please(uint8_t *data_to_decrypt, size_t length) {
330 OSStatus status = SECFailure;
331 SecCmsDecoderRef decoder = NULL;
332 SecCmsMessageRef cmsg = NULL;
333 CSSM_DATA_PTR content = NULL;
334 const uint8_t encrypted_string[] = "This data is encrypted. Is cool, no?";
335
336 require_noerr_string(status = SecCmsDecoderCreate(NULL, NULL, NULL, NULL, NULL,
337 NULL, NULL, &decoder), out,
338 "Failed to create decoder");
339 require_noerr_string(status = SecCmsDecoderUpdate(decoder, data_to_decrypt, length), out,
340 "Failed to add data ");
341 status = SecCmsDecoderFinish(decoder, &cmsg);
342 decoder = NULL; // SecCmsDecoderFinish always frees the decoder
343 require_noerr_quiet(status, out);
344 require_action_string(content = SecCmsMessageGetContent(cmsg), out,
345 status = errSecDecode, "Unable to get message contents");
346
347 /* verify the output matches expected results */
348 require_action_string(sizeof(encrypted_string) == content->Length, out,
349 status = -1, "Output size differs from expected");
350 require_noerr_action_string(memcmp(encrypted_string, content->Data, content->Length), out,
351 status = -1, "Output differs from expected");
352
353 out:
354 if (cmsg) {
355 SecCmsMessageDestroy(cmsg);
356 }
357 return status;
358 }
359
360 /* Signing with attributes goes through a different code path than signing without,
361 * so we need to test both. */
362 #define kNumberSignTests 10
363 static void sign_tests(SecIdentityRef identity, bool isRSA) {
364
365 /* no attributes */
366 is(sign_please(identity, SEC_OID_MD5, false, NULL, 0),
367 SEC_ERROR_INVALID_ALGORITHM, "Signed with MD5. Not cool.");
368 is(sign_please(identity, SEC_OID_SHA1, false, (isRSA) ? rsa_sha1 : NULL,
369 (isRSA) ? sizeof(rsa_sha1) : 0),
370 errSecSuccess, "Signed with SHA-1");
371 is(sign_please(identity, SEC_OID_SHA256, false, (isRSA) ? rsa_sha256 : NULL,
372 (isRSA) ? sizeof(rsa_sha256) : 0),
373 errSecSuccess, "Signed with SHA-256");
374 is(sign_please(identity, SEC_OID_SHA384, false, NULL, 0), errSecSuccess, "Signed with SHA-384");
375 is(sign_please(identity, SEC_OID_SHA512, false, NULL, 0), errSecSuccess, "Signed with SHA-512");
376
377 /* with attributes */
378 is(sign_please(identity, SEC_OID_MD5, true, NULL, 0),
379 SEC_ERROR_INVALID_ALGORITHM, "Signed with MD5 and attributes. Not cool.");
380 is(sign_please(identity, SEC_OID_SHA1, true, (isRSA) ? rsa_sha1_attr : NULL,
381 (isRSA) ? sizeof(rsa_sha1_attr) : 0),
382 errSecSuccess, "Signed with SHA-1 and attributes");
383 is(sign_please(identity, SEC_OID_SHA256, true, (isRSA) ? rsa_sha256_attr : NULL,
384 (isRSA) ? sizeof(rsa_sha256_attr) : 0),
385 errSecSuccess, "Signed with SHA-256 and attributes");
386 is(sign_please(identity, SEC_OID_SHA384, true, NULL, 0),
387 errSecSuccess, "Signed with SHA-384 and attributes");
388 is(sign_please(identity, SEC_OID_SHA512, true, NULL, 0),
389 errSecSuccess, "Signed with SHA-512 and attributes");
390 }
391
392 /* Verifying with attributes goes through a different code path than verifying without,
393 * so we need to test both. */
394 #define kNumberVerifyTests 12
395 static void verify_tests(SecKeychainRef kc, bool isRsa) {
396 /* no attributes */
397 is(verify_please(kc, (isRsa) ? rsa_md5 : ec_md5,
398 (isRsa) ? sizeof(rsa_md5) : sizeof(ec_md5)),
399 (isRsa) ? errSecSuccess : SECFailure,
400 "Verify MD5, no attributes");
401 is(verify_please(kc, (isRsa) ? rsa_sha1 : ec_sha1,
402 (isRsa) ? sizeof(rsa_sha1) : sizeof(ec_sha1)),
403 errSecSuccess, "Verify SHA1, no attributes");
404 is(verify_please(kc, (isRsa) ? rsa_sha256 : ec_sha256,
405 (isRsa) ? sizeof(rsa_sha256) : sizeof(ec_sha256)),
406 errSecSuccess, "Verify SHA256, no attributes");
407
408 /* with attributes */
409 is(verify_please(kc, (isRsa) ? rsa_md5_attr : NULL,
410 (isRsa) ? sizeof(rsa_md5_attr) : 0),
411 errSecSuccess, "Verify MD5, with attributes");
412 is(verify_please(kc, (isRsa) ? rsa_sha1_attr : ec_sha1_attr,
413 (isRsa) ? sizeof(rsa_sha1_attr) : sizeof(ec_sha1_attr)),
414 errSecSuccess, "Verify SHA1, with attributes");
415 is(verify_please(kc, (isRsa) ? rsa_sha256_attr : ec_sha256_attr,
416 (isRsa) ? sizeof(rsa_sha256_attr) : sizeof(ec_sha256_attr)),
417 errSecSuccess, "Verify SHA256, with attributes");
418
419 /***** Once more, with validation errors *****/
420
421 /* no attributes */
422 is(invalidate_and_verify(kc, (isRsa) ? rsa_md5 : ec_md5,
423 (isRsa) ? sizeof(rsa_md5) : sizeof(ec_md5)),
424 SECFailure, "Verify invalid MD5, no attributes");
425 is(invalidate_and_verify(kc, (isRsa) ? rsa_sha1 : ec_sha1,
426 (isRsa) ? sizeof(rsa_sha1) : sizeof(ec_sha1)),
427 SECFailure, "Verify invalid SHA1, no attributes");
428 is(invalidate_and_verify(kc, (isRsa) ? rsa_sha256 : ec_sha256,
429 (isRsa) ? sizeof(rsa_sha256) : sizeof(ec_sha256)),
430 SECFailure, "Verify invalid SHA256, no attributes");
431
432 /* with attributes */
433 is(invalidate_and_verify(kc, (isRsa) ? rsa_md5_attr : NULL,
434 (isRsa) ? sizeof(rsa_md5_attr) : 0),
435 SECFailure, "Verify invalid MD5, with attributes");
436 is(invalidate_and_verify(kc, (isRsa) ? rsa_sha1_attr : ec_sha1_attr,
437 (isRsa) ? sizeof(rsa_sha1_attr) : sizeof(ec_sha1_attr)),
438 SECFailure, "Verify invalid SHA1, with attributes");
439 is(invalidate_and_verify(kc, (isRsa) ? rsa_sha256_attr : ec_sha256_attr,
440 (isRsa) ? sizeof(rsa_sha256_attr) : sizeof(ec_sha256_attr)),
441 SECFailure, "Verify invalid SHA256, with attributes");
442 }
443
444 #define kNumberEncryptTests 5
445 static void encrypt_tests(SecCertificateRef certificate) {
446 is(encrypt_please(certificate, SEC_OID_DES_EDE3_CBC, 192),
447 errSecSuccess, "Encrypt with 3DES");
448 is(encrypt_please(certificate, SEC_OID_RC2_CBC, 128),
449 errSecSuccess, "Encrypt with 128-bit RC2");
450 is(encrypt_please(certificate, SEC_OID_AES_128_CBC, 128),
451 errSecSuccess, "Encrypt with 128-bit AES");
452 is(encrypt_please(certificate, SEC_OID_AES_192_CBC, 192),
453 errSecSuccess, "Encrypt with 192-bit AES");
454 is(encrypt_please(certificate, SEC_OID_AES_256_CBC, 256),
455 errSecSuccess, "Encrypt with 256-bit AES");
456 }
457
458 #define kNumberDecryptTests 5
459 static void decrypt_tests(bool isRsa) {
460 is(decrypt_please((isRsa) ? rsa_3DES : ec_3DES,
461 (isRsa) ? sizeof(rsa_3DES) : sizeof(ec_3DES)),
462 errSecSuccess, "Decrypt 3DES");
463 is(decrypt_please((isRsa) ? rsa_RC2 : ec_RC2,
464 (isRsa) ? sizeof(rsa_RC2) : sizeof(ec_RC2)),
465 errSecSuccess, "Decrypt 128-bit RC2");
466 is(decrypt_please((isRsa) ? rsa_AES_128 : ec_AES_128,
467 (isRsa) ? sizeof(rsa_AES_128) : sizeof(ec_AES_128)),
468 errSecSuccess, "Decrypt 128-bit AES");
469 is(decrypt_please((isRsa) ? rsa_AES_192 : ec_AES_192,
470 (isRsa) ? sizeof(rsa_AES_192) : sizeof(ec_AES_192)),
471 errSecSuccess, "Decrypt 192-bit AES");
472 is(decrypt_please((isRsa) ? rsa_AES_256 : ec_AES_256,
473 (isRsa) ? sizeof(rsa_AES_256) : sizeof(ec_AES_256)),
474 errSecSuccess, "Decrypt 256-bit AES");
475 }
476
477 int cms_01_basic(int argc, char *const *argv)
478 {
479 plan_tests(2*(kNumberSetupTests + kNumberSignTests + kNumberVerifyTests +
480 kNumberEncryptTests + kNumberDecryptTests + kNumberCleanupTests));
481
482 SecKeychainRef kc = NULL;
483 SecIdentityRef identity = NULL;
484 SecCertificateRef certificate = NULL;
485
486 /* RSA tests */
487 kc = setup_keychain(_rsa_identity, sizeof(_rsa_identity), &identity, &certificate);
488 sign_tests(identity, true);
489 verify_tests(kc, true);
490 encrypt_tests(certificate);
491 decrypt_tests(true);
492 cleanup_keychain(kc, identity, certificate);
493
494 /* EC tests */
495 kc = setup_keychain(_ec_identity, sizeof(_ec_identity), &identity, &certificate);
496 sign_tests(identity, false);
497 verify_tests(kc, false);
498 encrypt_tests(certificate);
499 decrypt_tests(false);
500 cleanup_keychain(kc, identity, certificate);
501
502 return 0;
503 }
mirror of Security